Today, May 15, 2025, Castle extends its proven behavioral detection to the network edge through a no-code, fully managed Cloudflare integration.
The rise of AI allows attackers to operate faster and better than ever, which means fraud and abuse is now embedded in traffic from day one and often overwhelming security and engineering teams by compromising user accounts or creating trial ones in bulk in order to exploit your freemium resources.
This new integration allows you to leverage deep behavioral context to score and act on requests before they reach your origin infrastructure, providing immediate, broad visibility and a critical first layer of defense. Implementation is straightforward and entirely managed by Castle: connect a Cloudflare API token, and Castle seamlessly deploys and maintains the Worker; no application code changes, routing adjustments, or manual Worker code management needed.
Key benefits of Castle for Cloudflare:
- Rapid deployment & visibility: Gain immediate insight across your entire ingress traffic within minutes of a simple, self-serve setup.
- Unified detection: Employs the same battle-tested detection engine and policies at the edge and within your application, ensuring consistent analysis and no rule duplication.
- Reduced user friction: High-accuracy detection enables more sophisticated, native UX interventions, moving beyond disruptive CAPTCHAs.
- Enterprise-grade for all: Access the full power of an advanced behavioral detection system without enterprise sales cycles or overhead, making robust security accessible even for lean teams.
AI-driven abuse disrupts traditional security defenses
The ability to deploy comprehensive behavioral detection to the edge rapidly is crucial because modern automated abuse isn't an isolated event; it's embedded in traffic from day one. Malicious actors leverage real browser automation frameworks, residential proxies, and sophisticated fingerprint spoofing, to blend seamlessly with legitimate user activity. They consume compute resources, saturate queues, and degrade service performance.
This often manifests not as a single, obvious alert, but as ongoing issues impacting engineering and operations: increased API error rates, higher latency, CPU/memory spikes, elevated support queue load, or suspiciously increasing infrastructure costs. The operational burden frequently falls on engineering, distracting developers from core product work to investigate anomalies that are, in fact, coordinated attacks exploiting application logic or resource limits, especially targeting free tiers, public AI interfaces, and signup/invitation flows. Traditional incident response models and tools designed for post-incident forensics fail when every user flow is a potential attack vector requiring real-time, nuanced analysis.
Our unified engine protects from edge to application
Castle's power lies in its unified behavioral engine. This engine, already proven at scale protecting critical flows for companies like Canva and Rockstar Games by operating in a functionally equivalent pre-authentication posture, now operates consistently from the true network edge via Cloudflare to deep within your application logic.
At the edge, via the Cloudflare Worker, core analysis capabilities such as device state modeling, behavioral velocity checks, and contextual behavioral risk scoring execute inline within the traffic path. Unlike many edge security solutions that rely on inspecting request headers, IP lists, or applying static WAF rules/heuristics, Castle evaluates requests within the context of broader user behavior patterns.
Crucially, every request at the edge is scored using the same unified models and policy engine that operate within the application layer via Castle's SDKs and APIs. There is no divergence in logic or duplication of rules. This single, consistent engine analyzes behavior across both surfaces.
The in-app integration is where the richest behavioral context is gathered. Similar to product analytics platforms, Castle's SDKs instrument user activity across critical application flows (logins, signups, payments, profile changes, etc.). This deep integration allows Castle to model behavioral integrity, enriching each user interaction in real time with a comprehensive set of threat-relevant signals: device identification and history, IP reputation and geolocation, behavioral velocity checks (e.g., time-to-complete actions), fingerprint consistency across sessions, and overall session analysis.
This consistency and the combined signal strength from both edge and in-app layers provide the high accuracy needed to move beyond blunt instruments like CAPTCHAs. Instead, teams can design more sophisticated, native UX interventions based on precise risk scoring and custom policies. This creates a unified detection surface, providing end-to-end visibility and enabling consistent, real-time response capabilities such as MFA challenges, rate limits, or blocks based on holistic behavior, all configurable from a single place.
Using AI to turn network traffic into user actions
Traditional security systems often treat network requests as discrete, isolated events. Castle employs a fundamentally different methodology. Detection is predicated on sequences of user actions and their context. Critical business flows like logins, signups, checkouts, or password resets each possess distinct risk profiles and necessitate different combinations of signals for accurate assessment.

To apply this action-centric analysis effectively at the edge, automated classification of raw HTTP requests into meaningful application events was necessary. With the Cloudflare integration, Castle utilizes AI-based classification models that operate in real time to map incoming requests to known product flows (e.g., identifying a POST to /api/v1/session
as a login attempt). This system translates low-level network data into structured behavioral events, often suggesting highly accurate classifications from the very first request. This enables the application of the same sophisticated scoring logic at the edge as within the application backend. Consequently, a login attempt from a trusted device is treated differently than a signup from an unknown fingerprint in headless mode, because the system understands the behavioral context and the role each request plays in the broader user journey.
Enterprise features at startup speed
Startups in 2025 face sophisticated threats from day one, needing access to enterprise-grade security capabilities long before they fit the traditional "enterprise" mold. However, most (if not all) advanced security platforms gate these crucial features behind complex sales cycles and enterprise contracts. We’re passionate about flipping this narrative on its head.
The complete behavioral detection engine for the edge, including AI-based flow classification and contextual scoring, is available via a self-serve workflow. Engineers can connect their Cloudflare account using an API token, deploy the Castle Worker, and begin receiving real-time risk scores for ingress traffic within minutes. No sales calls, contracts, or manual setup are required (but we’re here if you need them). This approach provides the full power of an advanced detection system without the traditional procurement overhead. Pricing is transparent and usage-based, and is visualized in real-time from within the product.
Trust as programmable infrastructure
AI-driven fraud and abuse appear early, scale exponentially, and adapt faster than manual processes can keep pace. Companies effectively mitigating these threats treat trust and safety as an integral part of their system architecture, built into the stack. Castle is designed explicitly for this model. We interpret behavior across the entire user journey and allows engineering teams to define and automate protective logic as code. With Castle's unified behavioral engine now operating at the Cloudflare edge, these requirements for observable, configurable, and resilient trust systems can be met from the very first request.
Activate Castle on your Cloudflare edge in minutes
Ready to extend proven behavioral detection to your Cloudflare perimeter? Deploy Castle's Worker with a few clicks and start seeing real-time risk scores for your ingress traffic. Sign up for free today!